Question 1

Does your organization, or any subsidiaries of your organization, collect personal data from workers located in the European Economic Area (EEA)?

Personal data means information that relates to an identified or identifiable natural person. For example, an individual’s name, job title, telephone number, or employee identification number is personal data.

Worker For purposes of this GDPR tool, "worker" refers to any individual who falls under the responsibility of your organization’s HR department, for example: applicants; employees; independent contractors; interns; temporary workers; and volunteers.

European Economic Area includes Iceland, Liechtenstein and Norway and the countries of the European Union (the “EU”): Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom. The United Kingdom is expected to continue to be a member of the EEA into 2019. Switzerland is not a member of the EEA.

Question 2

Is any personal data of workers located in the European Economic Area (EEA) transferred to the United States or to another country located outside of the EEA?

Transfer means to send personal data to a country outside the EEA or to permit access from outside the EEA to personal data located within the EEA. For example, your organization transfers personal data from the EEA to the United States if a German employee’s salary information is stored in a database in Germany and individuals in the United States remotely access that data.

The EEA refers to the 28 member states of the European Union plus Iceland, Liechtenstein and Norway.

GDPR Compliance Information

Your organization may not have compliance obligations under the GDPR for human resources data. This analysis can be highly fact-dependent, however.

Please contact Littler's GDPR Compliance Team to confirm. In addition, please note that your organization may be required to comply with the GDPR for other types of personal data, such as consumers’ personal data.

With the EU’s GDPR in effect, implementation of your compliance program has its own set of challenges.

Multinational employers that collect data from workers located in the European Economic Area should have carefully implemented the changes to their data protection processes required by the GDPR. With the deadline passed, challenges and questions are expected to arise regarding the ongoing responsibilities of employers to protect their HR data. Whether you still need to implement a GDPR compliance program or need guidance on maintaining one, Littler’s experienced attorneys can help you navigate the unique challenges of complying with the GDPR as it relates to HR data, and help you reduce the risk of major financial penalties. Contact Littler's GDPR Compliance Team to assist you. Their deep experience in global data protection will help you on the path to compliance.